[cabfpub] Ballot 121 - EVGL Insurance Requirements

i-barreira at izenpe.net i-barreira at izenpe.net
Mon May 5 07:32:36 UTC 2014


If it can help, we have this type of insurance

 

 

Iñigo Barreira
Responsable del Área técnica
i-barreira at izenpe.net

945067705

 

 

ERNE! Baliteke mezu honen zatiren bat edo mezu osoa legez babestuta egotea. Mezua badu bere hartzailea. Okerreko helbidera heldu bada (helbidea gaizki idatzi, transmisioak huts egin) eman abisu igorleari, korreo honi erantzuna. KONTUZ!
ATENCION! Este mensaje contiene informacion privilegiada o confidencial a la que solo tiene derecho a acceder el destinatario. Si usted lo recibe por error le agradeceriamos que no hiciera uso de la informacion y que se pusiese en contacto con el remitente.

 

De: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] En nombre de Ben Wilson
Enviado el: viernes, 02 de mayo de 2014 19:04
Para: 'Ryan Sleevi'; 'Eddy Nigg'
CC: 'CABFPub'
Asunto: Re: [cabfpub] Ballot 121 - EVGL Insurance Requirements

 

FWIW -  Here are some resources I found on cyber risk insurance, which is a type of insurance that might be more applicable to the CA industry:

 

English

 

http://latham.com/thoughtLeadership/lw-cybersecurity-insurance-policy-coverage 

 

http://www.aon.com/risk-services/cyber.jsp 

 

http://www.zurich.com/insight/cyber/cyber-risk.htm

 

http://uk.marsh.com/RiskIssues/CyberRisk/lapg-13383/2.aspx

 

http://www.allianz.com.au/media/news/2014/allianz-launches-cyber-risk-insurance-product 

 

German

http://www.aon.com/germany/risk-services/cyber-risiken.jsp

 

Spanish

http://spain.marsh.com/ActualidadAFondo/Liderazgointelectual/Articles/ID/24861/PageID/25841/Ciber-riesgo-la-seguridad-de-la-informacion-electronica.aspx 

 

Chinese

http://asia.marsh.com/china/tabid/14027/ID/33653/default.aspx - http://asia.marsh.com/china/MRMR/ID/35546.aspx 

 

French

http://www.cnaeurope.com/CNADownloadsLibrary/Cyber%20NetProtect%20Brochure.pdf 

 

 

 

 

 

 

 

From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ryan Sleevi
Sent: Thursday, May 01, 2014 3:18 PM
To: Eddy Nigg
Cc: CABFPub
Subject: Re: [cabfpub] Ballot 121 - EVGL Insurance Requirements

 

I'm generally supportive of this, if only because the vast majority of CA's CP/CPSes leave them enough wiggle room to drive a truck through, while still not being an insurable incident.

 

CA accidentally revokes a certificate? Most CPSes seem to leave enough verbiage in that the CA is not 'on the hook' for that.

CA accidentally misissues a certificate? Most CPSes seem to leave enough verbiage in their Subscriber/Relying Party agreements that (to a non-lawyer such as myself) that they could argue it was the subscriber's fault.

 

We discussed this during the Mountain View F2F, where I raised similar remarks.

 

I think absent clear guidance from the CA/B Forum on

  1) What are events that a CA should be liable for

  2) What language is unacceptable in a CP/CPS (in terms of disclaiming liability/imposing requirements)

 

That requiring insurance has more the effect of theatre than security.

 

That is, I think the practical reality is things are already wildly inconsistent and largely inapplicable for the incidents that most of us would consider inappropriate and grave for trust in the ecosystem.

 

On Thu, May 1, 2014 at 1:59 PM, Eddy Nigg <eddy_nigg at startcom.org> wrote:



On 05/01/2014 07:56 PM, Jeremy Rowley wrote: 

I am in favor of that approach rather than gutting the entire requirement.  We haven’t adequately explored the alternatives and possible revisions to the language to know whether a simple change could satisfy the current concerns.

 

 

I can't be against saving expensive insurances if the effect on having them or not would be exactly the same. However we would take out probably a different/similar insurance in any case as we wouldn't want to be completely unprotected. 

I'm not an insurance specialist and don't really know what the options would be, if at all. We followed the EV requirement more or less blindly because it's there and I'm actually a bit surprised that it's perceived as entire waste of money by some. 

But then, Kirk is a lawyer that might have that knowledge - but Kirk, I believe we need more information and also an alternative before we can vote on it. 

 

-- 

Regards 

 

Signer: 

Eddy Nigg, COO/CTO

 

StartCom Ltd. <http://www.startcom.org> 

XMPP: 

startcom at startcom.org

Blog: 

Join the Revolution! <http://blog.startcom.org> 

Twitter: 

Follow Me <http://twitter.com/eddy_nigg> 

 


_______________________________________________
Public mailing list
Public at cabforum.org
https://cabforum.org/mailman/listinfo/public

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140505/6a087132/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 19121 bytes
Desc: image001.png
URL: <http://lists.cabforum.org/pipermail/public/attachments/20140505/6a087132/attachment-0003.png>


More information about the Public mailing list